Continued work on Capabilities for FreeBSD, fixing an
elusive
bug that resulted in a panic when init tried to shut the
system
down. Init now picks up the extra capabilities it requires
at
boot time (capability to signal processes owned by other
uid's,
and capability to invoke reboot()). Having this code in a
more
workable condition puts be in a good position to push a
large pile of trusted OS extensions to FreeBSD out the door,
in a continuingly RSN kind of way. Received email from
others
involved in trusted FreeBSD extensions including a new
version of the Mandatory Access Control (MAC) support.

Sadly, the Microsoft trial has resulted in the dropping of
the
one charge I felt really convincing: that computer vendors
were leveraged into only providing Windows as the operating
system of choice. Most of the other charges, while no doubt
important, are relatively subjective, and may involve
tangling
of legal definitions and software authorship in ways that
may
not make sense. Query: if Microsoft is broken up, which
bits
get which intellectual property? Microsoft Research has
been
extremely busy, these last couple of years...

Picked up some great bread from the local Bread and Circus
store, which is part of the Whole Foods Market chain (may
be known in some areas as Fresh Fields, etc), and had a good
sandwich for lunch.

Continued work on my current pool of projects (work,
moonlighting,
hobby) while being taken in by a variety of April Fools
jokes on
the web. Had dinner at a great little vegetarian
restaurant, Bellas,
in Northampton, MA. Went to a 1900->2000 time capsule
opening
at Mt Holyoke College, where it was discovered in front of a
large
audience that the box was soldered shut, requiring a
somewhat
extended wait while appropriate tools were identified to
open
the box without damaging the contents. Turned out that the
Mt Holyoke class of 1900 had quite a sense of humor...

FreeBSD capabilities are progressing--wrote about 10 pages
worth
of man pages, and cleaned up supporting libraries. Should be
ready to put a version online RSN.

Haven't made much progress on extended attributes, as I'm
hoping
for some feedback before pushing it out the door, as it's
likely
to be a little more on the controversial side: the often
lauded but
infrequently used method of choice for file system extension
in
FreeBSD is layering, and I am not using it for this :-).
While
stacked file systems offer a number of architectural
advantages,
there are serious problems with the supporting
infrastructure
currently, although efforts are underway to correct this.
However,
until it's fixed, I still have work to do, so extended
attributes
are part of my base version of FFS. I also suspect that
until FFS
itself is broken into layers (namespace vs. filestore)
services such
as extended attributes cannot reasonably be implemented as
layers, due to the issues associated with hard links,
garbage
collection, etc.

Work continues as usual: quite hectic with many impending
deadlines, both for NAI/TIS stuff, and contract
work/writing.
Given the choice of falling behind or canceling commitments,
I always seem to choose falling behind. Not clear that this
is
a healthy habit.

Currently preparing FreeBSD FFS named extended attribute
support for public review and possibly committing. Extended
attributes are required for my work related to adding ACLs
and Capabilities to FreeBSD, as they allow the arbitrary
tagging
of security labels to file system objects (files,
directories). I
hope to get the code up in a public place for more general
review this weekend, once I get a few spot reviews done.
I've been running this code on some of my machines for three
or four months now, and it seems fairly stable--perhaps the
time is right :-).

Also preparing FreeBSD capabilities code for
committing--right
now the framework is finished, and some kernel access
control checks have been expanded to include capability
checks. However, in order for capabilities to be really
useful,
extended attributes are required. This is probably a few
weeks
away, depending on the code review process.

Have outstanding review requests on a number of people's
projects, including IFS, mbuf resource starvation work,
fixes
to the default login.conf/dot files for users and root, and
a
few other things. Again, hopefully all stuff to look at
this
weekend.

Forecast for this weekend:
Busy, with a chance of showers.
Will probably fly back to Washington, DC for NAI-related
foo.

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser
code is live. It needs further work but already handles most
markup better than the original parser.